What is a Tracking Pixel? How Web Beacons Work

November 12, 2021 - Ensighten

The tracking pixel is known by many names: web beacon, marketing pixel, conversion pixel, retargeting pixel, and sometimes just "pixel." No matter what you call it, this tiny fragment of code is a lot like the long-familiar cookie, but there are small differences that set them apart. 

While it's frequently used--and highly useful--in advertising and marketing, the tracking pixel is still a mystery to many laypeople. Let's take a few moments to learn more about tracking pixels, how they work, and the privacy and compliance challenges that can arise with their use. 

What is a Tracking Pixel? How do They Work?

A tracking pixel, like a cookie, is essentially a small snippet of HTML that lets marketers and advertisers gather information about a website's visitors.  However, unlike cookies, which must be dropped on a user's browser to work, tracking pixels are able to send information directly to web servers, and cannot be disabled from the client-side as easily as cookies can be. 

This HTML creates a 1x1 pixel graphic, which is often transparent, or otherwise disguised to blend into a website or email's background. The pixel code contains an external link to the pixel server, and when a user visits a website using this pixel, the HTML code is processed by the user’s browser, which follows the link and opens the pixel graphic. Every time this happens, the pixel server registers the action in its log files. And so, when a user visits multiple sites with a certain pixel, advertisers are able to track their journey and retarget them with tailored advertisements. 

For example, have you ever been shopping online and then logged into Facebook to find that all of your ads are for similar items? This is tracking pixels at work. 

What Are the Different Kinds of Tracking Pixels?

Let's take a look at some of the most common tracking pixels: 

  • Retargeting Pixels: Retargeting pixels, or website pixels, are the most common and basic form of tracking pixels. These small snippets of code run when a user visits a page and take note of the visit, so that the user can later be retargeted with similar content. 
  • Conversion Pixels: Conversion pixels are used to track the completion of a sale, and are useful for evaluating the efficacy of an ad or email campaign. Conversion pixels are typically placed on an order confirmation page or email. 
  • Landing Page Pixel:  Similar to the conversion pixel, a landing page pixel allows advertisers to follow prospect activity once they reach the company's landing page. This pixel provides insights into the campaign performance and overall performance optimizations.
  • Facebook Pixel: The Facebook pixel is essentially a retargeting pixel for Facebook ads. It allows marketers to track users who interact with both their website and their Facebook ads, so that they can measure ad campaigns, retarget audiences, and track conversions. 

How Data Privacy Laws Regulate Tracking Pixels - Consent Requirements

Both the General Data Protection Regulation (GDPR) in the European Union (EU) and the California Consumer Protection Act (CCPA) set out to protect consumers' rights by some measure of control over data collection back into the hands of consumers. 

The CCPA gives California consumers the right to know when their data is being collected, what information is being collected, and how that data is being used--but it does not require users to opt-in for tracking, so advertisers do not need to withhold tracking pixels.  

On the contrary, the GDPR has much stricter rules regarding tracking and consent. A user’s consent must be gathered before any tracking can take place, which means tracking pixels may not be used prior to consent.  What's more, user's must give informed consent for each specific form of tracking, and so they must be given information about the specific purpose of each tracking pixel or cookie, as well as the data it collects before granting consent. Finally, it must be possible for a user to withdraw consent for tracking at any time.

Other international laws, like China's PIPL, largely follow the example set by the GDPR.



Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.

Learn more about Ensighten and our solution

Online skimming blog

Learn why third-party components on your website could be leaving you vulnerable to online skimming attacks

Read Now

Web skimming webinar

Learn more about how online skimming attacks happen and how you can protect against them

Watch Now

Online demo

See the Ensighten solution in action to learn how we can help protect your website against online skimming

Book Now